e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 14:34

Target

e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61.exe
Size

16KB
MD5

7310548654a0e1bd553ae65d58701160
SHA1

792c541411b7ab41ad6caa4df4676fa8006edebc
SHA256

e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61
SHA512

6c51afaa33dbe29f8eedc29ccf1de8740e0b4989c1542af954380e3b5a6472c4253a1dd57f4ef32155a3c66fe958d080b6d2e91c5b25d916155df1d039f209c1
SSDEEP

384:qpi1PKtl50TsvD9oDPlMNcLlb5sVK4yv5Ct:qpi1PKtlMOclMNEvo

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3020	e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61.exe

C:\Users\Admin\AppData\Local\Temp\e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61.exe
"C:\Users\Admin\AppData\Local\Temp\e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3020

memory/3020-0-0x000007FEF50CE000-0x000007FEF50CF000-memory.dmp

Filesize
4KB

Download
memory/3020-1-0x000007FEF4E10000-0x000007FEF57AD000-memory.dmp

Filesize
9.6MB

Download
memory/3020-2-0x000007FEF4E10000-0x000007FEF57AD000-memory.dmp

Filesize
9.6MB

Download
memory/3020-3-0x000007FEF50CE000-0x000007FEF50CF000-memory.dmp

Filesize
4KB

Download
memory/3020-4-0x000007FEF4E10000-0x000007FEF57AD000-memory.dmp

Filesize
9.6MB

Download
memory/3020-5-0x000007FEF4E10000-0x000007FEF57AD000-memory.dmp

Filesize
9.6MB

Download